Mumble is a high-quality, low latency audio conferencing service that allows many people to connect at once and talk together with limited bandwidth. Originally thought as a gamer application, it can overlay to full-screen programs.

This document describes how to install Murmur, the mumble-server on Debian Buster and how to configure it and related services such as:

bandwidth

@Amolith recommends using 130000 for better sound quality (like streaming music) or maximizing the number of simultaneous speakers. I did not test this setting yet, and have concerns about low-bandwidth situations where some people would boost their sound quality but overflow what’s available on slow links (e.g., UMTS connections) – in my experience so far people seem to be using between 40 - 55 Kpbs for voice for an acceptable quality.

users

# Maximum number of concurrent clients allowed.
users=100

TODO: document how much bandwidth is used per number of users… If we’d like to scale up to 400+ users, how much bandwidth do we need, or put otherwise: how many concurrent users can Murmur support on a 100Mbps link?

channelnestinglimit

Channel nesting is a matter of preference I guess, but I can’t see a good reason to nest rooms tenfold since it will make it hard for humans to find their way through such a maze.

# Maximum depth of channel nesting. Note that some databases like MySQL using
# InnoDB will fail when operating on deeply nested channels.
#channelnestinglimit=10
channelnestinglimit=3

SSL Setup

sslCert and sslKey allow to setup “a proper SSL certificate”. LetsEncrypt is your friend. One limitation of TLS support in Mumble is that it does not support PFS yet. You can use sslCiphers to limit connection to the best available ciphers but it remains suboptimal.

sslCiphers configuration

# The sslCiphers option chooses the cipher suites to make available for use
# in SSL/TLS. This option is server-wide, and cannot be set on a
# per-virtual-server basis.
#
# This option is specified using OpenSSL cipher list notation (see
# https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT).
#
# It is recommended that you try your cipher string using 'openssl ciphers <string>'
# before setting it here, to get a feel for which cipher suites you will get.
#
# After setting this option, it is recommend that you inspect your Murmur log
# to ensure that Murmur is using the cipher suites that you expected it to.
#
# Note: Changing this option may impact the backwards compatibility of your
# Murmur server, and can remove the ability for older Mumble clients to be able
# to connect to it.
sslCiphers=EECDH+AESGCM:AES256-SHA:AES128-SHA
#sslCiphers=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-A
ES128-SHA256

TODO: select the best trade-off for compatibility with main Mumble clients, OpenSSL, LetsEncrypt, and security…

obfuscate

The GDPR encourages you to protect the privacy of your clients, so you can use the obfuscate setting to remove the connecting IP addresses from your logs.

cache! The mumble-web application is very heavy to load (one 1.95MB and another 7.3MB scripts).

Matrix

TODO: how to integrate with a Matrix room so Matrix users can join a Mumble room.

mumble-web documentation tells to use a “jitsi” type and point it to the mumble client instead, but that did not work for me. I tried to use a “custom widget” but failed as well: the $matrix_display_name is not replaced with the user name – probably something to configure for the Synpase service to be able to use the identity service from Riot to fix it… Anyone?